<?php

require_once("include/bittorrent.php");
dbconn();
failedloginscheck();
if ($_POST['binding']) {
	if (!mkglobal("username:password:seckenuid"))
		die();

	$row = mysql_fetch_array(sql_query("SELECT id, passhash, secret, enabled, status FROM users WHERE username = '$username'"));
	if (!$row) {
		failedlogins("不存在这个帐号");
	}
	if ($row['status'] == 'pending')
		failedlogins("该账户还未通过验证。如果你没有收到验证邮件，试试<a href='confirm_resend.php'><b>重新发送验证邮件</b></a>。");

	if ($row["passhash"] != md5($row["secret"] . $password . $row["secret"]))
		login_failedlogins();

	if ($row["enabled"] == "no")
		failedlogins("该帐号被禁用");

	sql_query("INSERT seckenapi (uid, username, secken_uid) VALUE (" . $row['id'] . ", '" . $username . "', '" . $seckenuid . "')");
	sql_query("UPDATE users SET secken = 'yes', seedbonus = seedbonus + $bindrewardnum WHERE id = " . $row['id']); //绑定后标记
	writeBonusComment($row['id'], "绑定安全登录一次性奖励 $bindrewardnum 个魔力值");
	$dutime = '604800';
	$passh = md5($row["passhash"]);
	if ($securelogin == 'yes') {
		$pprefix = "https://";
		$ssl = true;
	} else {
		$pprefix = "http://";
		$ssl = false;
	}
	if ($securetracker == 'yes') {
		$trackerssl = true;
	} else {
		$trackerssl = false;
	}
	logincookie($row["id"], $passh, 1, $dutime, FALSE, $ssl, $trackerssl);
	if (!empty($_POST["returnto"])) {
		header("Location: " . $pprefix . "$BASEURL/$_POST[returnto]");
		//header("Location: ../$_POST[returnto]");
	} else {
		header("Location: " . $pprefix . "$BASEURL/index.php");
		//header("Location: ../index.php");
	}
}